问题描述
我对密码的散列有疑问.我正在网页上使用它:
I have a question regarding the hashing of password. I am using this on the webpage:
$pw = password_hash($_POST[password], PASSWORD_BCRYPT);
之后,我将结果存储在数据库中.我想使用Java Web Service验证密码.为此,我正在使用这种方法:
After that I store this result in the database. With my Java Web Service I want to verify the password. For that I am using this method:
if (BCrypt.checkpw(password, dbPwd)){
return Response.ok("ok").build();
}
dbPwd
是我存储的密码,而password是第一种方法的纯文本密码.不幸的是,我收到以下错误代码:
dbPwd
is the one I stored and password is the password in plain text from the first method. Unfortunately I am receiving this error code:
更新
我在互联网上发现,Java方法使用2y,而jBcrypt使用2a,这是一个错误".我在2a上试用了它,并且可以正常工作,但是如何解决这个问题/使其正常工作呢?
Update
I found in the internet, that there is a "bug" the Java method is using the 2y and the jBcrypt is using 2a. I tried it with 2a and it works, but how can I fix this/ make it work?
推荐答案
经过大量挖掘,我发现jBcrypt库的更新实现: https://github.com/patrickfav/bcrypt
After a lot of digging I found a newer implementation of the jBcrypt library: https://github.com/patrickfav/bcrypt
我使用Scala,但是概念基本相同,并且为了验证$2y$
哈希,我创建了一个小的实用程序函数:
I use Scala but the concepts are essentially the same and to verify a $2y$
hash I've created a small utility function:
import at.favre.lib._
/**
* Verifies an encrypted password against the expected value
*
* @link https://github.com/patrickfav/bcrypt
* @param hash The hashed password (encypted with BCrypt version $2Y$)
* @param password The unencrypted password string
*/
private def verifyBcryptHash(hash: String, password: String): Boolean = {
if (hash == null || hash.trim.isEmpty)
false
else
BCrypt
.verifyer()
.verifyStrict(
password.toCharArray(),
hash.toCharArray(),
BCrypt.Version.VERSION_2Y
)
.verified
}
这篇关于在PHP中哈希密码并使用Java进行验证(PASSWORD_BCRYPT和jBcrypt)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!